Re: Update user info in Active Directory from SQL Server

[Andrea Patricelli]

Hi Ramón González,

Definitely what Tavernt said. Syncope can do the work for you if rightly 
setup and configured.

Here are some references:
- To setup a Syncope environment [2]
- To configure a (source) SQL server connector and resource through 
Database table or Scripted SQL connector [3] [4] and an Active Directory 
(destination) connector and resource [5].

Once configured resources, you have to pull [6] users into Syncope and 
define some logic in Java or Groovy (the business rules addressed by 
Tavernt), i.e. [7], if you need to make so processing before sending 
users to AD resource. While pulling you can automatically assign, in 
different ways, users to AD and link Syncope users to SQL server and AD.
Moreover, once users have assigned AD and SQL server resources, at each 
change, Syncope takes care of synchronizing entities towards resources. 
To have an idea of what a pull  task is and how to configure (also 
scheduling) it, please take a look at [8].

Thanks also to Tavernt for the precise overview of the whole flow.

Best regards,
Andrea

[1] https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
[2] 
https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
[3] 
https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
[4] https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
[5] 
https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
[6] 
https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
[7] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
[8] https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull

Il 26/07/19 09:13, Tavernt Muchenje ha scritto:

Hi RG,

Yes, that’s the role of IdM to provision users/account to downstream 
systems (AD in this case).

Apache Syncope can easily be configured to read and pull users from 
SQL server DB and apply some business rules before creating the users 
in AD.

In addition you can schedule how often you need to check for user 
changes in SQL.

Cheers

---

signature_1995866963

        

Tavernt J. Muchenje (MBA, CCSP, CISSP)

Managing Director | Enterprise Security Architect

I’CURITY SOLUTIONS (PTY) LTD

M: +27 (0)72 727 8371

W: www.icurity.co.za <http://www.icurity.co.za>

BEE: Level 1

*From: *Ramón González <rgonza...@itera.com.do>
*Reply-To: *<user@syncope.apache.org>
*Date: *Friday, 26 July 2019 at 02:32
*To: *<user@syncope.apache.org>
*Subject: *Update user info in Active Directory from SQL Server

Hello,

An HR department uses an app to manage employee info such as manager, 
position, phone number, cellphone, birthday, emergency contact, etc. 
This info is stored in *SQL Server.*

Is it possible to update user info in *Active Directory (AD)* from SQL 
Server?

Right now, user info is updated in SQL Server but is outdated in AD.

Thanks in advance.

Regards,

RG

--
Dott. Andrea Patricelli
Tel. +39 3204524292

Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member